Hi @all,
I've some trouble running TLS with LDAP:
At first I created on my Linux LDAP-Server a Certificate Authority with
CA.pl -newca
with the certification cacert.pem
The result of a check with 'CA.pl -verify cacert.pem' is 'OK'
After that I created a server certificate for my LDAP-Server with
CA.pl -newcert -> newreq.pem
and signed it with the Certificate Authority
CA.pl -signcert -> newcert.pem
The result of a check with 'CA.pl -verify newcert.pem' is 'OK'
In a 3rd step I deleted the password in newreq.pem with
openssl rsa -in newreq.pem -out ldapkey.pem
Here is the first error when I try a check with
'CA.pl -verify ldapkey.pem' it says:
'unable to load certificate
18032:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:632:Expecting: TRUSTED CERTIFICATE'
I made a chmod 777 on the keys, no influence. Does anyone have an idea what I'm
doing wrong?
I also changed my slapd.conf with the entries:
TLSCertificateFile /etc/openldap/newcert.pem
TLSCertificateKeyFile /etc/openldap/ldapkey.pem
TLSCACertificateFile /etc/openldap/cacert.pem
After restarting slapd an 'openssl s_client -connect localhost:389
-showcerts' results in:
'CONNECTED(00000003)
18034:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:226:'
Any help would be appreciated,
does someone know a good link to a 'cookbook' for TLS with LDAP?
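As an added example (not part of the original post, and not OpenLDAP or OpenSSL project code), the script below performs the sanity checks a practitioner would run on a key/certificate pair before pointing slapd at it. Two facts it builds on: 'CA.pl -verify' wraps 'openssl verify', which only parses certificates, so feeding it a private key produces exactly the "Expecting: TRUSTED CERTIFICATE" message, and the right check for a key file is 'openssl rsa -check' plus a comparison of the key's and certificate's modulus. Second, port 389 carries plaintext LDAP and only switches to TLS after a StartTLS request, while TLS-from-the-first-byte is the ldaps service on port 636; 'openssl s_client' against 389 without '-starttls ldap' (OpenSSL 1.1.1 and later) therefore sends a TLS ClientHello to a plaintext listener. The file names cacert.pem, newcert.pem and ldapkey.pem are taken from the post and assumed to be in the current directory; port 636 is assumed to be an ldaps listener, which is a hypothetical deployment detail.

```shell
#!/bin/sh
# Added example: pre-flight checks for an OpenLDAP TLS key/cert pair.
# Assumed (hypothetical) inputs in the current directory:
#   cacert.pem  - CA certificate,  newcert.pem - server certificate,
#   ldapkey.pem - unencrypted server private key.
set -u

# Classify a PEM file by its first "-----BEGIN ...-----" line.
# 'openssl verify' (what CA.pl -verify runs) accepts only certificates; a
# private key file is reported as "no start line ... Expecting: TRUSTED
# CERTIFICATE", which says nothing about whether the key itself is valid.
pem_kind() {
  first=$(sed -n '/^-----BEGIN /{p;q;}' "$1" 2>/dev/null)
  case "$first" in
    "") echo "not-pem"; return 1 ;;
    *"BEGIN CERTIFICATE"*|*"BEGIN TRUSTED CERTIFICATE"*) echo "certificate" ;;
    *"PRIVATE KEY"*) echo "private-key" ;;
    *"CERTIFICATE REQUEST"*) echo "csr" ;;
    *) echo "other" ;;
  esac
}

# The key is well-formed and unencrypted (no passphrase prompt), and its
# public modulus equals the one embedded in the certificate.
# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
key_matches_cert() {
  openssl rsa -check -noout -in "$1" </dev/null >/dev/null 2>&1 || return 2
  key_mod=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) || return 2
  cert_mod=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 2
  [ "$key_mod" = "$cert_mod" ]
}

# Private-key file mode: owner-only. Loosening permissions (e.g. 777) does
# not change how PEM parsing behaves and exposes the key to every local user.
key_perms_ok() {
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
  case "$mode" in
    600|400) return 0 ;;
    *) return 1 ;;
  esac
}

# Certificate chains to the CA (the check CA.pl -verify actually performs).
cert_chains_to_ca() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# TLS handshake against a TLS-from-the-start listener (ldaps, port 636).
# For the plaintext port 389 add '-starttls ldap' (OpenSSL >= 1.1.1) instead.
tls_handshake_ok() {
  openssl s_client -connect "$1:$2" -CAfile cacert.pem </dev/null 2>&1 |
    grep -q 'Verify return code: 0'
}

demo() {
  for f in cacert.pem newcert.pem ldapkey.pem; do
    printf '%-12s %s\n' "$f" "$(pem_kind "$f" || true)"
  done
  key_perms_ok ldapkey.pem && echo "key mode ok" || echo "key mode too open: chmod 600 ldapkey.pem"
  key_matches_cert ldapkey.pem newcert.pem && echo "key/cert modulus match" || echo "key/cert mismatch or unparsable"
  cert_chains_to_ca cacert.pem newcert.pem && echo "cert chains to CA" || echo "cert does not chain to CA"
  tls_handshake_ok localhost 636 && echo "ldaps handshake ok" || echo "ldaps handshake failed"
}

# Run the demo only when the assumed files are present.
[ -f ldapkey.pem ] && [ -f newcert.pem ] && [ -f cacert.pem ] && demo
true
```

Run it from the directory holding the three files; each line of output names one thing that is either fine or worth fixing, and 'pem_kind ldapkey.pem' printing "private-key" is the expected answer for a key, not an error.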